Security Advisories - PKSA-y5sy-w7mt-r97k - Packagist.org

PKSA-y5sy-w7mt-r97k Security Advisory

[MEDIUM] Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment

PKSA-y5sy-w7mt-r97k CVE-2026-48016 GHSA-9v5m-39wh-5chq

Affected package: shopware/core

Affected version: <6.6.10.18|>=6.7.0.0,<6.7.10.1

Reported by:
GitHub